Untrusted input -> memory-safe parser -> trusted input -> C program. Probably no... | Hacker News

Hacker News .hnnew | past | comments | ask | show | jobs | submit

		tsimionescu on Nov 22, 2022 \| parent \| context \| favorite \| on: Why CVE-2022-3602 was not detected by fuzz testing Untrusted input -> memory-safe parser -> trusted input -> C program. Probably not that important for `ls`, probably worth it for OpenSSL.

lazide on Nov 22, 2022 [–]

The challenge of course is the links to the ‘memory safe parser’, or how it gets from the untrusted input to it mediated by C, correct?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact